Web users in malware crosshairs

Online malware attacks are becoming more pervasive, targeted, and refined as the underground threat economy continues to evolve and take on the characteristics of an organized industry.

The latest iteration of Symantec's Internet Security Threat Report -- covering its research over the final six months of calendar 2007 and released on Tuesday at the ongoing RSA Conference 2008 in San Francisco -- finds that malware authors and the ecosystem of constituencies supporting cyber-crime are advancing the sophistication of their efforts at a staggeringly expeditious pace.

From the groups of exploit developers marketing malware toolkits to aspiring attackers to the people buying and selling stolen credentials, the entire landscape of electronic crime is taking off and increasingly resembles the security software community that is working to thwart it, Symantec researchers said.

In his keynote address at the RSA show, Symantec Chief Executive John Thompson reported that there is now more malicious code being created worldwide than there is legitimate software.

The trend is changing both the way that people view IT security in general -- and the manner in which companies like Symantec will need to rethink their anti-malware strategies, the executive said.

"If the growth of malicious software continues to outpace the growth of legitimate software, techniques like white-listing will become much more critical," Thompson said. "Identity management will only grow in importance and will need to expand beyond the enterprise environment -- into consumers. And this is not an easy problem for law enforcement -- the criminals themselves could be anywhere on the planet."

That reality and the widespread availability of exploitable software and Web sites are making it such that industrious criminals are making a great deal of money and rapidly expanding the scope and professionalism of their operations, said Alfred Huger, vice president of Symantec's Security Response research group.

"Virus writers' professionalism has been advancing for years, but the sheer volume of attacks that we're seeing right now is amazing; of all the Web-based attacks that we've ever seen, a full two-thirds of those threats were created in 2007," Huger said.

"Without question there are far more people working on the criminal side, and automation plays a big role, but the different attack iterations that we're finding aren't just altering minor pieces of the malware code anymore," he said. "They're adding whole new features, using customer feedback to improve their functionality, and it's very clear that they are being created in a far more organized fashion."

Huger said that while malware development has traditionally flourished in areas of the world where levels of technical skill are high and legitimate job opportunities are scarce -- including China, Russia, and areas of Eastern Europe and Latin America -- larger numbers of people are likely choosing to get involved in cyber-crime today because it pays so handsomely.